Microsoft is planning to release nine bulletins, three critical, as part of the July edition of its Patch Tuesday monthly update cycle. One of the three crucial advisories is expected* to offer patches for a serious XML Core Services vulnerability, disclosed but not fixed in June’s Patch Tuesday. This vulnerability has been …
What happened to
Your Patch Tuesday article for June?
There were quite a few patches last month too.
Common theme, common prevention.
An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user.
[broken-record] Running as a non-admin would prevent anything exploiting this from breaking the OS. [/broken-record]
(I want to see a "nothing to see here, move along" icon.)
..all your Corporate Drone User Files (think weapons blueprints) might be shipped to Moldavia. Or Shenzen. Or Pyongyang.
Yeah, sandboxing should catch it, but only if there is a sandbox involved. Is your MS Office OOXML parser sandboxed ?? Not ? You better use a different account to view any external *docx or *xlsx.
What ? You braindead corpo policy forbids more than one account per drone ? Sorry, you and your files are stuffed.
That's not an XML bug...
That's a Microsoft bug. Get your headlines right!
Re: That's not an XML bug...
Umm, I read the title as being Microsoft's implementation being at fault, rather than XML per se. I can't really see where you got the Register blaming XML as a whole.
Have they re-issued the Browser Choice program?
It seems to have re-appeared on my Windows Update, but I haven't installed it. Given recent developments, how do I know it isn't teh vvrus?
In other news, my flaky Dell Latitude ST seems to be even flakier since I installed Opera 12.00. I've decided to run any novel web sites in Firefox instead. Teh Register seems to be able to make Opera crash my Dell. Maybe the new plugin handler...
Re: Have they re-issued the Browser Choice program?
I've noticed that The Reg site sends my Opera browser at home to nigh on 100% CPU on Win7/64bit, but not at work on the same...
Hardly a Zero Day vulnerability now if M$ disclosed it in June.
Removes OS and Software.
Keep away from IE !
- Pics Facebook's Oculus unveils 360-degree VR head tracking Crescent Bay prototype
- Teardown Pop open this iPhone 6 and see where the magic oozes from ... oh hello again, Qualcomm
- Analysis Apple's warrant canary riddle: Cock-up, conspiracy, or anti-Google point-scoring
- Bargain basement iPhone shoppers BEWARE! eBay exposes users to phishing vuln